Method for Lawfully Intercepting Communication IP Packets Exchanged Between Terminals

ABSTRACT

A method for lawfully intercepting communication IP packets exchanged between terminals is provided. The method involves assigning an IP address associated with a telecommunication service provider to, for example, a sending terminal for use as its IP address in communications with a receiving terminal, the telecommunication service provider providing SIP proxy services for establishing communication between the sending and receiving terminals. The communication IP packets are intercepted in such a way that the terminals are unaware of the interception.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No. 12/338,799, filed on Dec. 18, 2008, which claimed priority to Spanish Patent Application No. P200802738, filed Sep. 26, 2008.

FIELD OF THE INVENTION

The invention is found in the field of legal communications interception technology and relates to a method of legal multimedia communications interception between two terminals which communicate by means of IP packets, wherein said multimedia communication is established by using the Session Initiation Protocol (SIP). The invention also relates to equipment in a Network System which performs said method.

BACKGROUND

An obligation to allow local authorities to access information exchanged between terminals of networks owned by telecommunication service providers exists in many countries. Implementing a lawful interception system or a communications interception system may be a requirement for being able to operate as a telecommunications service provider in said countries. This obligation to allow the interception of communications also applies to communications carried by means of the IP protocol.

For example, in the United States of America, the “Communications Assistance for Law Enforcement Act”, from now on CALEA, requires the telecommunications networks and the telecommunications service providers to have means which enable the legal interception of communications.

In December 1997, the “Telecom Industry Association” (TIA) developed the J-STD-025 standard, which helps the telecommunications service providers to carry out the obligations established by CALEA.

Section 229, part a), of CALEA states that the Federal Communication Commission may establish the necessary rules for the telecommunications service providers to implement the obligations stated by CALEA.

In August 1999 the Federal Communication Commission (FCC) published a rule which required the telecommunications service providers to allow the interception of communications which use packet-switched technology, like, for example, the IP protocol used in the Internet. The FCC established September 2001 as the deadline for the telecommunications service providers to implement the systems to allow the interception of communications in packet-switched networks.

In 1994, the FCC published a “Notice of Proposed Rulemaking” which establishes that Voice over Internet Protocol (VoIP) services are subject to the obligations of CALEA.

However, some features of the IP protocol make it harder to implement legal communications interception systems within packet-switched networks. In circuit-switched systems, the data of a communication follows a fixed path to its destination, whereas in packet-switched systems such as IP, each data packet may follow a different path to its final destination.

Another difficulty in intercepting communications based on VoIP is the encryption of the data transmitted in the data packets. In recent years the security of the Internet protocols published by the Internet Engineering Task Force (IETF) has increased.

One of the most used protocols in VoIP communications is the Session Initiation Protocol or SIP. In recent years, SIP has become the most used protocol in VoIP applications and devices.

The SIP protocol is described in the specification RFC 3261, J. Rosenberg et al., June 2002, published online by the Internet Engineering Task Force (IETF) and available at www.ietf.org/rfc/rfc3261.txt.

The SIP protocol administers session establishment but does not carry the communication data itself. For example, in a VoIP session, SIP is used for establishing a session between various pieces of equipment, which is commonly known as “signalling”, and a different protocol, such as the Real Time Protocol (RTP), is used for transmitting the coded voice between said equipment.

The RTP protocol is described in the specification RFC 3550, H. Schulzrinne et al., July 2003, published online by the IETF and available at www.ietf.org/rfc/rfc3550.txt.

The SIP protocol found in RFC 3261 considers different security protocols for a secure exchange of SIP messages.

A first basic security protocol which SIP may use is the protocol known as “HTTP digest”, which enables authentication of messages and replay protection.

The HTTP digest protocol is described in RFC 2617, J. Franks et al., June 1999, published online by the IETF and available at www.ietf.org/rfc/rfc2617.txt.

A second security protocol for SIP is “S/MIME”. Its use in SIP is described in section 23 of said RFC 3261 specification.

The S/MIME protocol is described in RFC 2633, B. Ramsdell, June 1993, published online by the IETF and available at www.ietf.org/rfc/rfc2633.txt.

A third security protocol for SIP is the “Transport Layer Security” (TLS) protocol. Its use in SIP is described in section 19.1 “SIP and SIPS Uniform Resource Indicators” of RFC 3261.

Said section states that a URI (Uniform Resource Identifier) of the SIPS type establishes that the resource referred to by the URI has to be contacted in a secure way. Therefore, the TLS protocol has to be used between the User Agent Client (UAC) and the domain which the URI belongs to. Inside the URI's domain, a secure means of communication is used depending on the security policy of said domain.

The TLS protocol, standardised by the IETF from the SSL (Secure Sockets Layer) protocol developed by Netscape, uses digital certificates for server authentication, and its use is widespread in the Internet.

Another security protocol whose use is considered in RFC 3261 is the IPsec protocol. Section 26.2.1 “Transport and Network Layer Security” of said RFC notes that IPsec is usually used in architectures where a plurality of equipment or domains have a trust-based relationship between them, which is not always possible.

IPsec is a suite of security protocols developed by the IETF. The basic architecture of IPsec is described in RFC 4301, Security Architecture for the Internet Protocol, S. Kent et al., December 2005, published online by the IETF and available at www.ietf.org/rfc/rfc4301.txt.

The use of said security protocols in SIP, together with the different paths which an IP packet may take, makes the interception of communications which use the SIP protocol difficult.

Another factor which makes the legal interception of communications using the IP protocol difficult is the continuous evolution of the protocols carried in IP packets, the majority of which are designed by the IETF.

In the year 2000 there was a debate in the IETF about whether or not to take the legal interception of communications into account when designing communications protocols. The result of said debate was that the IETF decided not to take the legal interception of communications into account. The reasons for said decision are explained in the RFC 2804 specification “IETF Policy on Wiretapping”, Harald Alvestrand et al., May 2000, published by the IETF and available at www.ietf.org/rfc/rfc2804.txt.

Since the majority of the communication protocols used through the Internet are designed by the IETF, this decision implies that almost all the protocols used in the Internet are designed without taking the legal interception of communications into account.

A basic requirement of systems for the legal interception of communications is that the interception may not be detected by the people involved in said communications, since if they detect it they will not exchange important information, or may exchange false information to mislead the authorities who are intercepting the communications.

The present invention describes an improved method and system for allowing legal interception of communications which use the SIP protocol.

SUMMARY OF THE DISCLOSURE

The invention has the final objective of providing an improved system of legal interception of communications which cannot be detected by the users involved in the communication.

According to one aspect, a method for lawfully intercepting communication IP packets exchanged between a first terminal having a first IP address and a second terminal having a second IP address is provided, comprising: a first equipment in a first data network of a first telecommunications service provider assigning a third IP address corresponding to the first telecommunications service provider to the first terminal for use in an SDP (Session Description Protocol) connection field of SIP (Session Initiation Protocol) messages sent by the first terminal; establishing communication between the first and second terminals by exchanging SIP messages using a SIP proxy service of the first data network; the first equipment and/or a second equipment in the first data network receiving at least some of the communication IP packets sent from the first terminal; and intercepting the communication IP packets in the first data network.

According to another aspect, a method for lawfully intercepting communication IP packets exchanged between a first terminal having a first IP address and a second terminal having a second IP address is provided, comprising: a first equipment in a first data network of a first telecommunications service provider assigning a third IP address corresponding to the first telecommunications service provider to the first terminal for use in an SDP (Session Description Protocol) connection field of SIP (Session Initiation Protocol) messages sent by the first terminal; establishing communication between the first and second terminals by exchanging SIP messages using a SIP proxy service of the first data network; the first equipment and/or a second equipment in the first data network receiving at least some of the communication IP packets sent from the first terminal and removing any first IP address data from the communication IP packets before sending the messages to the second terminal; and intercepting the communication IP packets in the first data network, the SIP messages being intercepted without changing the SDP connection field.

According to another aspect, a method for lawfully intercepting a communication between a first terminal having a first IP address and a second terminal is provided, comprising: sending from a first data network of a telecommunications service provider a second IP address corresponding to the telecommunications service provider for use as a source address in an inner header of at least some of the communication IP packets sent by the first terminal; establishing communication between the first and second terminals using a SIP (Session Initiation Protocol) proxy service of the first data network, the second terminal being located outside the first data network; receiving in the first data network encapsulated communication IP packets sent from the first terminal which contain the inner header, and unpacking in the first data network the encapsulated communication IP packets to remove any outer headers that contain the first IP address; intercepting in the first data network at least some of the communication IP packets received from the first terminal without changing the inner header; and sending from the first data network the unpacked data packets containing the inner header to the second terminal.

According to another aspect, the invention relates to a method of legal multimedia communications interception between a first terminal and a second terminal which communicate by means of IP packets, wherein said multimedia communication is established by using the Session Initiation Protocol (SIP), a version thereof, or any suitable protocol for establishing a VoIP session between various pieces of equipment, and a first terminal sends messages of the SIP protocol (for example) which include information stating that the IP address which it uses to send and receive the multimedia data of the communication is an external IP address which belongs to a network interface or a network card of an intermediate equipment; the IP packets which the terminals exchange during the multimedia communication go through said intermediate equipment; the IP packets which arrive at said intermediate equipment from said first terminal arrive encapsulated and said intermediate equipment removes the encapsulation before resending said IP packets to their destination; and the intermediate equipment encapsulates the IP packets which it receives directed to said first terminal and resends said packets encapsulated to said first terminal. The legal interception of the IP packets of the communication between the two terminals is performed when said IP packets arrive at equipment connected to the same data network which the intermediate equipment is connected to.

In one implementation, a method of legal interception of multimedia communications between two terminals which communicate by means of IP packets has been developed, the method comprising: the establishment of a multimedia communication by means of the Session Initiation Protocol (SIP); a first terminal sends messages of the SIP protocol which include information stating that the IP address that it is going to use to send and receive the multimedia data of the communication is an external IP address which belongs to a network interface of an intermediate equipment; the IP packets which are exchanged by the terminals in the multimedia communication go through said intermediate equipment; the IP packets which arrive at said intermediate equipment from said first terminal are encapsulated and said intermediate equipment removes the encapsulation before resending said IP packets to their destination; the intermediate equipment encapsulates the IP packets it receives that are directed to said first terminal and resends said encapsulated packets to said first terminal; and the legal interception of the IP packets of the communication between the two terminals is performed when said IP packets arrive at an interceptor equipment connected to the same data network which is connected to the intermediate equipment.

According to one embodiment, the two terminals exchange multimedia data using the RTP protocol.

According to another embodiment, the intermediate equipment includes the functionality of a Home Agent and communicates with said first terminal using a Mobile IP protocol.

According to another embodiment, the communication protocol between the intermediate equipment and said first terminal is the Mobile IPv4 protocol.

According to another embodiment, the communication protocol between the intermediate equipment and said first terminal is the Mobile IPv6 protocol.

According to another aspect of the invention, network equipment which intercepts IP packets in a legal interception of a multimedia communication between two terminals which establish a multimedia communication using the Session Initiation Protocol (SIP) is provided, comprising: a first intermediate network equipment that sends to a first terminal information which contains an IP address that the first terminal uses to send and receive the multimedia data of the communication, the IP address belonging to a network interface of said intermediate equipment; the IP packets which are exchanged by the terminals in the multimedia communication go through said intermediate equipment; the IP packets which arrive at said intermediate equipment from said first terminal arrive encapsulated and said intermediate equipment removes the encapsulation before resending said IP packets to their destination; the intermediate equipment encapsulates the IP packets which it receives directed to said first terminal and resends said encapsulated packets to said first terminal; and a second interceptor network equipment connected to the same data network as the first intermediate network equipment that performs the legal interception of the IP packets of the communication between the two terminals.

In one embodiment, the network equipment intercepts the IP packets when the two terminals exchange multimedia data using the RTP protocol.

In another embodiment, said intermediate equipment includes the functionality of a Home Agent and communicates with said first terminal using a Mobile IP protocol.

According to another embodiment, the communication protocol between the intermediate equipment and said first terminal is the Mobile IPv4 protocol.

According to another embodiment, the communication protocol between the intermediate equipment and said first terminal is the Mobile IPv6 protocol.

Preferably, said interceptor network equipment which performs the interception of the packets also includes said intermediate equipment.

BRIEF DESCRIPTION OF THE DRAWINGS

Other advantages and features of the invention will become apparent from the following description where, without limiting character, a plurality of preferred embodiments of the invention are described by means of the following drawings, wherein:

FIG. 1 shows a basic example of establishment of a SIP session using a SIP PROXY type server.

FIG. 2 shows a typical configuration between two SIP Proxies known generally as the “SIP trapezoid”.

FIG. 3 shows an example of an interception system for SIP communications of the prior art.

FIG. 4 shows an improved system for legal interception of communications according to an embodiment of the present invention.

FIG. 5 shows a method of packing known as “IP Encapsulation within IP” for use in alternative embodiments of the present invention.

DETAILED DESCRIPTION

The present invention provides an improved system of interception of communications which use the Session Initiation Protocol, which cannot be detected by the users involved in said communication.

SIP messages also use another protocol called the “Session Description Protocol” or SDP. The SDP protocol is described in RFC 2327, M. Handley et al., April 1998, published online by the IETF and available at www.ietf.org/rfc/rfc2327.txt.

The SIP and SDP protocols as discussed herein are considered to be the currently standardized protocols and any current or future modifications or equivalents thereof.

FIG. 1 shows a basic example of the establishment of a SIP session between two terminals 110 and 130 for VoIP communications through a SIP Proxy.

FIG. 1 shows two telephones or SIP terminals 110 and 130 which correspond to two fictitious users known as Alice (111) and Bob (131). Said terminals 110 and 130 include the functionalities of the entities which the SIP protocol denominates “User Agent Client” and “User Agent Server”. Because of this, in the SIP protocol, the terminals used by the users are known as “User Agents”.

In much of the literature about cryptography it is usual to use fictitious characters such as Alice, Bob and Eve to describe security systems and their vulnerabilities. Normally, Alice and Bob establish a communication and Eve (short for eavesdropper, one who “listens secretly”) is a fictitious character who tries to intercept the communication.

Said terminals 110 and 130 comprise network interfaces represented by the elements 115 and 135 respectively. The SIP proxy server 120 comprises a network interface represented by element 125.

Said terminals 110 and 130 and the SIP Proxy 120 exchange messages using the SIP and RTP protocols. Said messages are encapsulated in IP packets.

Bold lines 112, 122 and 132 of FIG. 1 show the origin and destination of each message and help to show the temporal order of the exchanged messages, which is the descending order represented by said lines.

The messages used by the SIP protocol are shown by arrows 140, 142, 144, 146, 148, 150, 152, 154 and 156. The origin and destination of the IP packet which carries the SIP message is shown by the direction of the arrow.

Bold line 160 represents the exchange of multimedia data between the terminals using, for example, the RTP protocol. Said multimedia data may be, for example, a telephone conversation between Alice and Bob.

FIG. 1 illustrates a feature of the SIP protocol which makes the legal interception of communications difficult. This feature is that the multimedia data of the communication, represented in FIG. 1 by bold line 160 and carried using RTP (Real Time Protocol), is transmitted directly between Alice's terminal 110 and Bob's terminal 130. This way the IP packets which carry the multimedia data using RTP do not go through the SIP Proxy 120.

In the following, the establishment of the SIP session of FIG. 1 is described in more detail.

Alice knows the IP address of the SIP Proxy server 120 which Bob uses for establishing SIP sessions and sends 140 from her SIP terminal a SIP INVITE-type message 141 to the SIP Proxy 120. Said SIP Proxy resends, using the communication 142, the INVITE message 143 to Bob's SIP terminal 130.

Said SIP message 141, 143, which is an INVITE-type message, includes a unique identifier of the SIP session using a field or SIP header known as “Call-ID”. It also includes information about the means which Alice wants to use for establishing the SIP session with Bob. For describing said means, the SIP protocol uses a second protocol known as the “Session Description Protocol” (SDP).

Among the information which the SIP INVITE-type message transmits using the SDP protocol is the IP address of the network interface 115 of Alice's terminal 110 from which the multimedia data is going to be sent, the kind of protocol to be used for sending the multimedia data, for example RTP, and the port to be used in said multimedia data transmission.

When Bob's terminal 130 receives the INVITE message 143, it replies by sending, using the communication 144, a SIP message of the “180 Ringing” type 145 to the SIP Proxy 120, so that the “180 Ringing” message 147 will be resent using the communication 146 to Alice's terminal 110. Simultaneously Bob's terminal 130 beeps with a sound or some kind of signal to indicate to Bob that a call is arriving.

When Bob accepts the call from Alice, for example by picking up the handset of the terminal 130, Bob's terminal 130 sends, using the communication 148, a SIP message 149 of the “200 OK” type to the SIP Proxy 120. The SIP Proxy 120 resends the “200 OK” message 151 to Alice's terminal.

This “200 OK” message includes information, also described by means of the SDP protocol, about the means which Bob wants to use for sending the multimedia data, including the IP address and the port which terminal 130 is going to use for sending the multimedia data and the kind of protocol for sending the data, which may be, for example, the RTP protocol.

The last step for establishing the SIP session is that Alice's terminal 110 sends, using the communication 152, an “ACK” type SIP message 153 to confirm that the answer has been received. This message 153 is encapsulated in an IP packet which is sent directly from Alice's terminal to Bob's terminal without going through the SIP Proxy 120. For doing so, Alice uses the IP address which Bob indicated through the SDP protocol in the “200 OK” message 149.

At this point in time the SIP session is already established and terminals 110 and 130 may exchange multimedia data 161 using a protocol such as RTP, previously described. Said multimedia communication, represented in the figure by bold line 160, is performed directly between Alice's terminal 110 and Bob's terminal 130 without going through the SIP Proxy 120.

The SIP messages of the “BYE” 155 and “200 OK” 157 type are used for closing the SIP session.

FIG. 2 shows a very common network topology known as the “SIP trapezoid”. In this topology, two SIP terminals 210 and 230 from different domains establish a SIP session using two SIP Proxy servers 220 and 240, one in each domain.

The term “SIP trapezoid” is used because of the trapezoid formed by lines 270, 212, 290 and 232, which represent communications using the SIP protocol.

In the configuration of FIG. 2, each SIP terminal 210 and 230 is configured to use a SIP Proxy 220 and 240 respectively, to which they send the SIP messages for establishing SIP sessions.

For example, when Alice's terminal 210 wants to establish a session with Bob's terminal 230, terminal 210 sends a SIP message 213 of the INVITE type to Proxy 220 using the communication 212. The steps which the INVITE message follows until reaching terminal 230, which Bob is using, are described below.

Following the usual denomination used in the RFC specifications of the IETF, we will use the term “header” to refer to the information transmitted in the text lines of the SIP protocol and the term “field” to refer to the information transmitted in the text lines of the SDP protocol.

The INVITE message 213, sent by terminal 210 to Proxy 220, includes a plurality of headers and fields whose information is described in the following:

-   A header known as “To” which includes a URI (“Uniform Resource Identifier”) specific to the SIP protocol, known as a SIP URI, which identifies the resource which is the destination of the INVITE message. For example, the destination SIP URI of the INVITE message may be the URI sip:bob@mediapatents.com.
-   A header known as “From” which includes a SIP URI which identifies the origin resource which sends the SIP message, such as sip:alice@example.com.
-   A header known as “Call-ID” which is a unique identifier for the SIP session to be established.
-   A plurality of fields which use the SDP protocol previously described. The SDP fields include the origin IP address which terminal 210 is going to use for sending the multimedia data in the communication 280, and the port and type of protocol wanted for the multimedia communication, for example, the RTP protocol.

The SDP field used for the IP address which is going to be used by terminal 210 in the multimedia communication 280 is the field known as “connection”, which begins with the letter “c”. In FIG. 2, the IP address of Alice's terminal is represented by the element 214, which has the value 100.101.102.103. In this case, the INVITE message sent by Alice will contain the following text line in the SDP protocol:

c=IN IP4 100.101.102.103

where the parameter “IN” refers to the Internet network and the parameter “IP4” says that the address which follows, 100.101.102.103, is a version 4 IP address.

When the SIP Proxy 220 receives the INVITE message directed to the resource sip:bob@mediapatents.com, it uses the DNS protocol for locating the SIP Proxy Server of the “mediapatents.com” domain which Bob is part of. For doing so, the SIP Proxy 220 communicates with the DNS server 250 using communication 221, using a DNS protocol message known as a “query” of the specific type “DNS SRV”, which the DNS protocol uses for locating resources which provide services, in this case, the SIP Proxy 240 of the “mediapatents.com” domain.

The DNS server 250 answers by sending the IP address of the SIP Proxy 240 of the “mediapatents.com” domain which Bob is part of. This exchange of DNS protocol messages in the communication 221 is illustrated by the element 222 of FIG. 2.

When the SIP Proxy 220 knows the IP address of the Proxy 240, it transmits the INVITE message 291 to said SIP Proxy 240 using communication 290.

Normally the communication 290 uses a security protocol such as the TLS protocol or the IPsec protocols previously described. These security protocols offer different security services such as encryption or authentication of the SIP messages interchanged by the two SIP Proxy servers.

When the SIP Proxy 240 receives the INVITE message directed to the resource indicated in the SIP URI “sip:bob@mediapatents.com”, the SIP Proxy 240 locates said resource and sends the INVITE message 233. In FIG. 2 the resource sip:bob@mediapatents.com is associated with terminal 230, and the Proxy 240 sends the SIP message 233, which is an INVITE type message, using communication 232 to said terminal 230.

To locate sip:bob@mediapatents.com, the SIP Proxy 240 may use different location services. The RFC 3261 specification which defines the SIP protocol, in its section “10 Registration”, refers to this location server as an abstract service known as the “Location Service”, which allows locating users within a domain by associating the two types of URI described in the following. The interface between the SIP Proxy and the “Location Service” is not defined in the RFC 3261 specification.

The SIP protocol defines two types of SIP URI. A first type is the URI associated with users and a second type is the one associated with devices.

The SIP URI associated with users is known as the “Address-of-Record” URI (AOR URI). For example, the user Bob may use the URI sip:bob@mediapatents.com and print this URI on his business cards. This URI would be the usual way of contacting the user Bob and may be included in the “To” and “From” headers of the SIP messages.

The SIP URI associated with devices, also known as the “device URI” or “contact URI”, allows directing SIP messages to the device each user uses. For example, in FIG. 2, Bob is using terminal 230, which has the “contact URI” 200.201.202.203 associated, which is the IP address that terminal 230 uses for establishing multimedia communications. Usually the information of the URI associated with the device which is used by a user is included in the “Contact” header of the SIP messages.

Although there are many ways of providing the “Location Service”, the SIP protocol defines a special type of server known as the “SIP registrar”, which relates the “Address-of-Record URI” with one or more “device URI”, storing this information in a database.

When a user changes his device he may send a SIP message such as a “REGISTER” type message to the “SIP registrar” server for associating his “AOR URI” with one or more “device URI”.

In FIG. 2, when SIP Proxy 240 receives the INVITE message 291 directed to the URI sip:bob@mediapatents.com, the SIP Proxy 240 obtains the “device URI” through communication 241 with the “Location Server” 260, which provides the “Location Service”. Said server sends the information that the AOR URI sip:bob@mediapatents.com is associated with the “device URI” 200.201.202.203, and the SIP Proxy 240 retransmits, using communication 232, the INVITE message 233 to the IP address of terminal 230, which is the IP address corresponding to said “device URI”. This way, the INVITE message 233 arrives at terminal 230, which Bob is using at that moment.

The SIP message flow for establishing the SIP session continues as previously described for FIG. 1 until the establishment of the SIP session and the beginning of the multimedia communication 280, which exchanges multimedia data 281 directly between the IP address 100.101.102.103 of terminal 210 and the IP address 200.201.202.203 of terminal 230.

As in FIG. 1, the two terminals 210 and 230 can send SIP messages to each other directly, for example “ACK”, “BYE” or “200 OK” type SIP messages. These messages are represented by the element 271 of FIG. 2. The element 270 represents a direct communication between the two terminals, used when one terminal sends IP packets directly to the IP address of the other terminal.

For performing the legal interception of the communications of FIG. 2, it is necessary to intercept the communication 280 which carries the data, for example, a telephone conversation. For intercepting said communication 280, it is useful to intercept the SIP messages used for establishing said communication, since inside said SIP messages is found the information necessary for performing the interception, such as the IP addresses of both ends of the communication 280, the ports used at each end, the transport protocol (normally RTP) and the type of audio or video coding.

FIG. 3 shows an example of the prior art which allows performing saidlegal interception of the communication. The method used in FIG. 3 isdescribed in United States patent application published asUS2004/0202295, “Lawful Interception for VoIP calls in IP basednetworks”, Yuzhong Shen, et al. July 2003, available at the USPTOwebsite.

The method described in said patent application consists of aninterceptor device 310 which includes a SIP Proxy 320 and a RTP Proxy330.

For intercepting the communications. The SIP Proxy 320 modifies the SIPmessages which are exchanged between terminals 210 and 230 changing theIP origin and destination addresses in such a way that the IP packetswhich contain the data of the multimedia communication go through thedevice known as RTP Proxy, from where they may be copied to the deviceknown as “Recorder” 390.

The SIP Proxy 320 receives the SIP messages from SIP Proxy 220 using thecommunication 321 and transmits the modified SIP messages to the SIPProxy 240 using the communication 322.

In the same way, the SIP Proxy 320 receives SIP messages from the SIPProxy 240 using the communication 324 and retransmits the modified SIPmessages to the SIP Proxy 220 using the communication 323.

In doing so, the SIP Proxy 320 of FIG. 3 modifies the content of the SDPfields included in the SIP messages that Alice and Bob exchange. Moreprecisely the SIP Proxy 320 modifies the following fields:

-   -   The SDP field known as “connection” which includes the origin IP        address which each terminal 210 and 230 is going to use for        sending and receiving IP packets with multimedia data. Said        field is the SDP line which begins with the indicator “c=”.    -   The SDP field known as “media” which indicates the port which        each terminal is going to use for sending the multimedia data,        normally using the UDP protocol (“User Datagram Protocol”). Said        field is the SDP line which begins with the indicator “m=”.

Said fields “connection” and “media” are transmitted in the SIP messageswhich are the “INVITE” and “200 OK” type messages used for establishingthe SIP session.

We will call IP1 and IP2 the IP addresses used by Alice and Bob respectively for transmitting and receiving IP packets with multimedia data using the RTP protocol, which we will call RTP packets. In FIG. 3, IP1 is 100.101.102.103 and IP2 is 200.201.202.203.

In a communication with no interception, such as the communication 280 of FIG. 2, the RTP packets are exchanged directly between the IP1 and IP2 addresses.

By means of the invention of FIG. 3, the SIP Proxy 320 modifies the SDP fields of the SIP messages to indicate to Bob that the origin IP address of Alice is IP4 and to indicate to Alice that the origin IP address of Bob is IP3.

Addresses IP3 and IP4 are IP addresses of the network interfaces 331 and 332 respectively of the RTP Proxy device 330.

This way Alice sends her RTP packets with multimedia data to address IP3 of the network interface or network card 331. This communication is represented by the line 333 in FIG. 3.

Bob sends his RTP packets with multimedia data to address IP4 of the network interface or network card 332. This communication is represented by the line 336 in FIG. 3.

In FIG. 3, when the device known as “RTP Proxy” 330 receives the IP packets which carry RTP packets, it copies said information, transmitting it to a device known as “Recorder” 390, and retransmits the RTP packets to the final destination, either Bob or Alice, using the communications represented by the lines 334 and 335 respectively.

For more clarity, it will now be explained how the interceptor device of FIG. 3 works, using an example.

For example, Alice sends a SIP message 213 which is an INVITE type message to Bob for establishing a SIP session. Said INVITE message contains the SDP field which is a “connection” type field with the IP1 address which Alice is going to use for sending the RTP packets, which is 100.101.102.103.

The SIP Proxy 320 receives the INVITE message from Alice, modifies the SDP field known as “connection” so that it contains the IP4 address, and transmits the INVITE message to the SIP Proxy 240 for it to retransmit it to terminal 230, which Bob is using. This way, when terminal 230 receives the INVITE message 233, the SDP field “connection” contains the IP4 address, as if Alice were sending the RTP packets from the IP4 address.

When Bob picks up the earphone of his terminal 230, said terminal sends a SIP message 233 which is a “200 OK” type message which includes the IP2 address which Bob is going to use for sending the RTP packets, which is address 200.201.202.203.

Said “200 OK” SIP message arrives at the SIP Proxy server 320, which modifies the SDP field “connection”, exchanging the IP2 address for the IP3 address, and resends the message to SIP Proxy 220, which resends it to Alice's terminal 210.

This way, Alice's terminal will send its IP packets which contain RTP packets to the IP3 address and Bob's terminal will send its IP packets with RTP to the IP4 address.

The RTP Proxy 330 receives, by means of its network interface 331 which uses IP3, the RTP packets which Alice sends to Bob, sends a copy of the information of the RTP packets to the Recorder device 340 and resends the RTP packets to Bob.

Similarly, the RTP Proxy receives, through its network interface 332 which uses the IP4 address, the RTP packets which Bob sends to Alice, sends a copy of the content of the RTP packets to the recorder device and resends the RTP packets to Alice.

This system of FIG. 3 has several disadvantages. The first disadvantage is that Alice and Bob can easily detect that the communication is being intercepted, which makes the interception of the communication useless, since Alice and Bob will not exchange important information if they detect that the communication is being intercepted.

A first easy way of detecting that the communication is being intercepted is by talking. Alice may ask Bob what his IP address is. Since Bob's terminal 230 is not being intercepted, the terminal will show Bob its real IP address, which is IP2. Bob tells Alice that his address is IP2, and Alice detects that the RTP packets of the communication with Bob come from an IP3 address different from IP2. This way Alice and Bob detect, just by talking, that the communication is being intercepted.
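The following Python is an added example, not code from the patent or the prior-art application: it parses an SDP body, performs the “c=”/“m=” rewrite that the SIP Proxy 320 of FIG. 3 applies, and implements the consistency check behind the first disadvantage (the address announced in the received SDP against the address the peer reports). The SDP body, the RTP Proxy address 198.51.100.4 and its port are constructed; only IP1 (100.101.102.103) comes from the text.

```python
# Added example (not from the patent): the SDP rewrite done by the prior-art
# SIP Proxy 320 of FIG. 3 and the peer-address consistency check that reveals it.
# The SDP body below and the RTP Proxy values used in tests are constructed.

# Constructed SDP body such as Alice's INVITE 213 could carry (IP1 = 100.101.102.103).
ALICE_SDP = "\r\n".join([
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 100.101.102.103",
    "s=-",
    "c=IN IP4 100.101.102.103",
    "t=0 0",
    "m=audio 49170 RTP/AVP 0",
    "a=rtpmap:0 PCMU/8000",
]) + "\r\n"


def parse_sdp(sdp):
    """Split an SDP body into (type, value) pairs, one per "x=..." line."""
    fields = []
    for raw in sdp.split("\r\n"):
        if not raw:
            continue
        if len(raw) < 2 or raw[1] != "=":
            raise ValueError("malformed SDP line: %r" % raw)
        fields.append((raw[0], raw[2:]))
    return fields


def media_endpoint(sdp):
    """Return (ip, port) the sender advertises for its first media stream.

    A session-level "c=" applies to every stream unless a media-level "c="
    (one placed after the "m=" line) overrides it.
    """
    session_ip = None
    media_ip = None
    port = None
    for kind, value in parse_sdp(sdp):
        if kind == "m":
            if port is not None:
                break                      # a second stream: stop at the first
            port = int(value.split()[1])   # "audio <port> RTP/AVP ..."
        elif kind == "c":
            addr = value.split()[2]        # "IN IP4 <addr>"
            if port is None:
                session_ip = addr
            else:
                media_ip = addr
    if port is None:
        return None
    return media_ip or session_ip, port


def rewrite_sdp(sdp, proxy_ip, proxy_port):
    """What SIP Proxy 320 does: every "c=" gets the RTP Proxy's address (IP3 or
    IP4) and every "m=" gets the RTP Proxy's port; other lines pass through."""
    out = []
    for kind, value in parse_sdp(sdp):
        parts = value.split()
        if kind == "c":
            parts[2] = proxy_ip
            value = " ".join(parts)
        elif kind == "m":
            parts[1] = str(proxy_port)
            value = " ".join(parts)
        out.append("%s=%s" % (kind, value))
    return "\r\n".join(out) + "\r\n"


def peer_address_consistent(received_sdp, peer_reported_ip):
    """The check behind the first disadvantage: the address in the SDP that
    arrived must equal the address the peer itself reports (e.g. by talking)."""
    endpoint = media_endpoint(received_sdp)
    return endpoint is not None and endpoint[0] == peer_reported_ip
```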

Any other system of legal interception of the communications between two terminals which needs to modify the IP packets exchanged by the two terminals, like the system of FIG. 3, may be easily detectable by the users. For example, the users may include authentication fields for detecting whether the IP packets have been modified.

The second disadvantage of the interception system of FIG. 3 is that the system is based on modifying the SDP fields carried by the SIP messages, without taking into account that the SIP protocol includes several security features to prevent the SIP messages from being modified in this way.

For example, if the SIP Proxy servers 220 and 240 communicate using the security protocols TLS (“Transport Layer Security”) or IPsec previously described, the SIP messages exchanged by said servers will be protected and encrypted, and the SIP Proxy 320 will be able neither to read them nor to modify them.

A third disadvantage is that the interception device 310 needs to intercept the IP packets which are exchanged by the SIP Proxies 220 and 240. For doing so, it has to be located in the path between the two SIP Proxies, whereas IP packets sent through a data network can use different paths for arriving at their destination.

The present invention solves these problems using a new interception system for the SIP messages and the RTP messages which does not have to modify the SIP messages nor the SDP fields which contain the origin and destination IP addresses of the communication between Alice and Bob.

The present invention allows Alice and Bob to exchange the multimedia information using the same origin and destination IP addresses whether the communication is being intercepted or not. By means of the present invention, there is no difference in the IP packets which Alice and Bob exchange because of the interception of the communication. This prevents Alice and Bob from detecting that the communication is being intercepted.

FIG. 4 shows an example of an embodiment of the present invention. FIG. 4 shows an intermediate equipment known as “Tunnel server” 480 located in a data network 423 of a telecommunications service provider 425 (also known as a TSP or “Telecom Service Provider”) through which the IP packets exchanged by Alice and Bob go, in a communication which uses the SIP protocol, a version thereof, or any other suitable protocol for establishing VoIP sessions between various pieces of equipment.

In the present invention, one of the users whose communication is to be intercepted, for example Bob, uses in the SDP field known as “connection” of its SIP messages an IP address which is not the IP2 address of its terminal 430 but an external IP5 address corresponding to the TSP 425 which provides Bob with the SIP Proxy service.

The IP5 address that the TSP 425 assigns to Bob's terminal 430 could be a fixed IP address that remains constant, or could be a changing IP address that changes every time Bob starts using the services offered by the Telecom Service Provider 425 or TSP 425.

Also, the same IP5 address could be assigned to different users of the TSP 425 by assigning different ports to each user.

The TSP 425 may obtain Bob's SIP URI and IP2 information and transmit IP5 and port information to terminal 430 in different ways. In one way, for example, the Tunnel server 480 may have a web page where Bob can enter his SIP URI and IP2 address and obtain an IP5 address and port assigned by the Tunnel server 480.

This way the TSP 425 receives the RTP traffic 427 from Alice by means of said IP5 address and resends the RTP traffic to Bob's terminal 430.

FIG. 4 shows this operation. Bob's terminal 430 sends SIP messages to Alice's terminal 210 which do not include its own IP2 but a different address IP5 corresponding to the TSP 425.

The TSP 425 has several servers 460, 470, 480 and 490, each one preferably having at least one network interface 461, 471, 481, 491 respectively, connected to each other by means of a data network 423, for example Ethernet, which is also connected to the network interface 422 of the router 420 which allows the TSP equipment to send and receive IP packets to and from external networks, for example the Internet.

Router 420 receives by means of its network interface 424 the IP packets from Alice's terminal 210 and from the SIP Proxy Server 220. Also, the router 420 receives through its network interface 421 the IP packets from Bob's terminal 430.

FIG. 4 also shows the network interfaces 211, 221, 251 and 431, which correspond to Alice's terminal 210, the SIP Proxy Server 220, the DNS server 250 and Bob's terminal 430 respectively.

Router 440 provides the connection to Bob's terminal 430. The network interface 431 of Bob's terminal 430 is connected to the network interface 442 of the router 440 by means of a network 433, for example Ethernet, which may be a cable network or a wireless network.

The bidirectional arrows 212, 223, 290, 424, 425 and 443 of FIG. 4 represent communications between different equipment. By means of any of these arrows or communications, the equipment at the ends of each arrow may exchange IP packets. However, this does not imply that the equipment at the ends of the arrow is directly connected by means of a physical network, for example Ethernet. For example, the IP packets sent by the SIP Proxy Server 220 to the router 420 by means of the communication represented by arrow 290 may go through several routers and data networks, for example the Internet, on their path from origin to destination.

On the other hand, elements 423 and 433 represent data networks, for example Ethernet networks, either by means of cable, optical fiber, wireless or any other kind of network.

In FIG. 4, router 440 may provide an IP2 address to Bob's terminal 430, which terminal 430 may use for sending and receiving IP packets. However, terminal 430 does not send its SIP messages showing its true IP2 address, which is 200.201.202.203.

Instead of using its true IP2 address, terminal 430 first obtains an IP address from the intermediate equipment known as Tunnel server 480, which we will call IP5, represented in FIG. 4 by element 483 and which is 120.130.140.150, and sends its SIP messages as if the IP address of terminal 430 were IP5 instead of IP2.

The IP5 address may be, for example, an IPv4 or IPv6 address of the network card 481 of the Tunnel Server 480, or may be any IP address of the network 423 that allows the Tunnel server 480 to read the IP packets whose destination address is IP5.

For the terminal 430 to be able to send IP packets with SIP messages or RTP messages in which the origin address of the IP packet is IP5, the terminal 430 may encapsulate the IP packets containing SIP messages or RTP packets inside other IP packets which use a topologically correct IP address, in this case the IP2 address. For doing so, terminal 430 may use different encapsulating IP protocols.

In the following, the encapsulating IP protocols are explained briefly before continuing with the description of FIG. 4.

One of said encapsulating protocols which may be used in the present invention is the “IP Encapsulation within IP” protocol, described in RFC2003, C. Perkins, October 1996, published online by the IETF and available at www.ietf.org/rfc/rfc2003.txt.

FIG. 5, taken from said RFC2003, shows the basic operation of said protocol “IP Encapsulation within IP”. A first IP packet made up of a header “IP Header” 510 and carrying data “IP Payload” 520 is modified 530 by adding a new header known as “Outer IP Header” 540, which will be the header the IP packet uses for reaching its destination. The IP header 550 and the IP Payload 560 will generally contain the same information as the IP header 510 and IP Payload 520 respectively.

The present invention may also use any other encapsulating protocol. For example, it may use the “IP Authentication Header” or the “IP Encapsulating Security Payload (ESP)” protocol, which are protocols typically used with the plurality of security protocols known as IPsec.

The “IP Authentication Header” protocol is described in RFC4302, S. Kent, December 2005, published online by the IETF and available at www.ietf.org/rfc/rfc4302.txt.

The “IP Encapsulating Security Payload (ESP)” protocol is described in RFC4303, S. Kent, December 2005, published online by the IETF and available at www.ietf.org/rfc/rfc4303.txt.

Back to FIG. 4, the terminal 430 prepares its SIP messages using the information obtained from the TSP 425. For example, it uses the IP5 address obtained from the TSP 425 in the “connection” SDP field of its SIP messages. It also uses the port information obtained from the TSP 425 in the “media” SDP field of its SIP messages.

To send the SIP messages, the terminal 430 prepares the IP packets which typically contain the SIP messages and the RTP packets, using as origin IP address the IP5 address, which is 120.130.140.150, assigned by the Tunnel server 480, and as destination IP address the IP address of the equipment with which it is communicating, for example the IP1 address of Alice's terminal.

Said IP packets may be encapsulated, for example, using the “IP Encapsulation within IP” protocol described in FIG. 5. In this case, a new external header or “Outer IP Header” is added to the IP packet which contains a topologically correct origin IP address for transmitting the IP packet, for example the origin IP2 address which the router 440 may have assigned to the network interface 431 of terminal 430. Said external header may include as destination IP address an IP address of a network interface 481 of the Tunnel server 480.

This way, terminal 430 creates a tunnel 485 from terminal 430 to the Tunnel server 480. This tunnel allows transmitting the IP packets which contain SIP messages 486 or RTP packets 484 from the network interface 431 of Bob's terminal to the network interface 481 of the Tunnel Server 480. The dashed line 482 shows the direction which the IP packets follow inside the tunnel 485.

The router 440 and the router 420 are connected using the communication 443. The router 440 uses the network interface 441 to send IP packets to router 420. As explained before, by means of the communication 443 the equipment at the ends of the arrow may exchange IP packets. However, this does not imply that the equipment at the ends of the arrow is directly connected by means of a physical network, for example Ethernet. The IP packets sent by the router 440 to the router 420 by means of the communication represented by arrow 443 may go through several routers and data networks, for example the Internet, on their path from origin to destination.

According to one embodiment, when the Tunnel server 480 receives an IP packet through this tunnel 485, it removes the external header of the IP packet and resends to its destination the original IP packet, which has as origin IP address the IP5 address which the Tunnel server has assigned to the terminal 430. This way, SIP messages 426 and RTP messages 427 sent from Bob to Alice are sent through router 420 via interface 424 and communications 424 and 425 respectively.

Also, from Alice's point of view, the IP address of Bob's terminal is the IP5 address, since it is the one in the SDP fields included in the SIP messages, and all the messages sent from Alice to Bob will be directed to the IP5 address, in a manner similar to the SIP messages 426 and RTP messages 427.

When the Tunnel server 480 receives an IP packet, for example from Alice's terminal, directed to the destination address IP5 assigned to terminal 430 by the Tunnel server 480, the Tunnel Server 480 retransmits it to the IP2 address, which is the real address used by said terminal, using the same tunnel 485. For doing so, it may encapsulate said received IP packet, adding a new outer header which has as destination IP address the IP2 address of terminal 430 and as origin an IP address of the network interface 481.

When terminal 430 receives the encapsulated IP packet, it removes the external header and retrieves the original IP packet which Alice's terminal has sent.
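As an added example (not the patent's own code), the following Python implements the RFC 2003 “IP Encapsulation within IP” steps of FIG. 5 and models the two forwarding directions of the Tunnel server 480 just described, including a check that the inner origin address is the IP5 actually assigned to the terminal behind the outer IP2, and the copy handed to the Interception device 490. The address of interface 481 (192.0.2.1) and the payloads are constructed; IP5 (120.130.140.150), IP2 (200.201.202.203) and IP1 (100.101.102.103) are the page's values.

```python
# Added example (not the patent's code): RFC 2003 IP-in-IP encapsulation as in
# FIG. 5 and a small model of Tunnel server 480 of FIG. 4. Header layout follows
# RFC 791/RFC 2003; the interface 481 address 192.0.2.1 and payloads are constructed.
import struct

IPPROTO_IPIP = 4    # protocol number for IP-in-IP (RFC 2003)
IPPROTO_UDP = 17


def ip_checksum(data):
    """Internet checksum (RFC 1071); yields 0 over a header carrying a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_to_bytes(addr):
    return bytes(int(octet) for octet in addr.split("."))


def bytes_to_ip(raw):
    return ".".join(str(b) for b in raw)


def build_ipv4(src, dst, proto, payload, ttl=64):
    """Minimal IPv4 packet: 20-byte header without options, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      ttl, proto, 0, ip_to_bytes(src), ip_to_bytes(dst))
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(pkt):
    """Return (src, dst, proto, payload); reject a wrong version or bad checksum."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ip_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", pkt[2:4])[0]
    return bytes_to_ip(pkt[12:16]), bytes_to_ip(pkt[16:20]), pkt[9], pkt[ihl:total_len]


def encapsulate(inner_pkt, outer_src, outer_dst):
    """FIG. 5 step 530: prepend the Outer IP Header 540; the whole inner packet
    (header 550 plus payload 560) becomes the payload of the outer packet."""
    return build_ipv4(outer_src, outer_dst, IPPROTO_IPIP, inner_pkt)


def decapsulate(pkt):
    """Strip the outer header and hand back the inner packet unchanged."""
    _, _, proto, inner = parse_ipv4(pkt)
    if proto != IPPROTO_IPIP:
        raise ValueError("outer header does not carry IP-in-IP")
    return inner


class TunnelServer:
    """Model of Tunnel server 480: IP5 <-> IP2 bindings plus the copy handed to
    the Interception device 490 for packets involving a targeted address."""

    def __init__(self, own_ip, targets=()):
        self.own_ip = own_ip          # address of network interface 481
        self.ip2_of = {}              # IP5 -> IP2 (real address behind the tunnel)
        self.ip5_of = {}              # IP2 -> IP5 (address assigned to that terminal)
        self.targets = set(targets)   # addresses named in the interception request
        self.intercepted = []         # copies delivered to the Interception device

    def assign(self, ip5, ip2):
        self.ip2_of[ip5] = ip2
        self.ip5_of[ip2] = ip5

    def handle(self, pkt):
        """Return the packet the Tunnel server emits for one packet it receives."""
        src, dst, proto, _ = parse_ipv4(pkt)
        if dst == self.own_ip and proto == IPPROTO_IPIP:
            # From tunnel 485: outer src is the terminal's IP2; the inner src must
            # be the IP5 assigned to it, or a terminal could claim any IP5.
            inner = decapsulate(pkt)
            if self.ip5_of.get(src) != parse_ipv4(inner)[0]:
                raise ValueError("inner source address not assigned to %s" % src)
            self._tap(inner)
            return inner                     # forwarded unchanged, e.g. towards Alice
        if dst in self.ip2_of:
            # Towards an assigned IP5 (e.g. from Alice): wrap it for tunnel 485.
            self._tap(pkt)
            return encapsulate(pkt, self.own_ip, self.ip2_of[dst])
        raise ValueError("packet is not for this Tunnel server")

    def _tap(self, inner):
        src, dst, _, _ = parse_ipv4(inner)
        if src in self.targets or dst in self.targets:
            self.intercepted.append(inner)
```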

This way, preferably all the IP packets which contain SIP messages andRTP packets go through the network interface 481 of the Tunnel server480 and the Interception device 490 can intercept said IP packets bymeans of its network interface 491 when the data streams which carrysaid IP packets go through the data network 423.

The packets can be intercepted in the network of the TSP 425 indifferent ways. In a first example, the Interception device 490 can“read” or “sniff” all the packets in the network 423 and detect packetsthat use any information associated with Alice or Bob, like their IPaddresses or SIP URIs.

In a second example, the Tunnel server 480 and/or the Proxy server 460may first receive all or a portion of the packets and resend the packetsto the interception device 490.

As explained before, SIP messages may use different security protocolslike TLS, IPsec and others.

The media packets 427 also may use security protocols like, for example,the “Secure Real-time Transport Protocol” (SRTP) which can provideconfidentiality, message authentication, and replay protection to theRTP traffic and to the control traffic for RTP, the Real-time TransportControl Protocol (RTCP).

The Secure Real-time Transport Protocol (SRTP) is described in thespecifications RFC3711, M. Baugher et. al., March 2004, published onlineby the IETF and available at www.ietf.org/rfc/rfc3711.txt

Another security protocol, for example the “Session Description Protocol(SDP) Security Descriptions for Media Streams” may be used to establishthe cryptographic parameters for SRTP using a new SDP attributed called,for example, “crypto”, which is used to signal and negotiatecryptographic parameters for media streams in general, and for SRTP inparticular.

The “Session Description Protocol (SDP) Security Descriptions for MediaStreams” is described in the specification RFC 4568, F. Andreasen et.al., July 2006, published online by the IETF and available atwww.ietf.org/rfc/rfc4568.txt

If a security protocol like TLS, IPsec or SRTP is used for securing SIPmessages or RTP packets, then the SIP Proxy 460 sends all thecryptography information, like for example encryption keys, to theinterception device 490.

Said Interception Device 490 has a communication 492 with a LEA device495 which is part of an official organization which has requested thelegal interception of the communications. Following the terminology ofCALEA, said organization is called “Law Enforcement Agent” or LEA.

The communication 492 between the Interception Device 490 and the LEAdevice 495 may use several methods for exchanging information. Astandard method for this exchange of information is defined by theANSI/J-STD-025 standard, July 2006, developed by “TelecommunicationsIndustry Association” (TIA) and the “Alliance for TelecommunicationsIndustry Solutions” (ATIS), available at www.atis.org.

This way, the IP packets exchanged between Alice's and Bob's terminalspreferably always go through the network interface 481 of the Tunnelserver 480 and by using the present invention it is possible tointercept legally the communications between Alice and Bob with no needto modify the SDP fields and other SIP messages which they exchange insuch a way that Alice and Bob cannot detect the interception.

The LEA device 495 may send to the interception device 490 informationthat indicates to the interception device 490 witch communications mustbe intercepted. For example the LEA device 495 may send to theinterception device information comprising the SIP URI used by Alice(sip:alice@example.com) or the SIP URI used by BOB(sip:bob@mediapatents.com) or both of them. According to such animplementation, when the interception device 490 detects a SIPcommunication established using one of this SIP URI, the communicationis intercepted.

Interception may be achieved by the SIP Proxy server 460 sending to theinterception device 490 a copy of all the SIP messages received, so theInterception device can check if any of these SIP URIs is used andbefore starting an interception.

The information sent from the LEA device 495 to the interception devicemay be a SIP URI, or other identifying information, of a user that isnot a user of the TSP 425. For example, Bob may use a first telecomservice provider to access the internet, Alice may use a second telecomservice provider to access the internet and Bob may uses the SIP proxyservices of TSP 425 that is a third telecom service provider differentfrom his own. In this example, the first, the second and the thirdtelecom service providers are different from one another. The LEA devicemay request an interception by sending the SIP URI used by Alice,sip:alice@example.com to the interception device 490.

In this way, the interception device 490 can intercept thecommunications of Alice using her SIP URI independently of the interneaccess that Alice is using to communicate with users of the SIP proxyserver like Bob. Alice could be, for example, in a cybercafe, or using afree WIFI hotspot with a laptop or using WIMAX interne connection, buther communications with Bob are able to be intercepted because she usesher SIP URI or other similar identifying information sent from the LEAdevice 495 to the interception device 490.

Also the present invention offers Bob a very important advantage byallowing him to use an IP5 address which is associated with the Tunnelserver 480 for its SIP communications. This advantage is privacy. If Bobsends his IP packets using the IP2 address of his terminal, it ispossible for Alice to locate the geographic situation of Bob's terminalby looking for the geographic zone of the IP2 address. This way,offering this privacy service to Bob, it is covered that the presentinvention allows intercepting legally the communications between Aliceand Bob.

In FIG. 4, for more clarity, four different servers 460, 470, 480 and490 are shown which provide services of Proxy Server, Location Server,Tunnel server and Interception device respectively. However otherconfigurations are equally possible in the present invention. Forexample, one server may provide the four services or in another example,a first server provides the Proxy Server and Location Server servicesand a second server provides the services of Tunnel server andInterception device.

In FIG. 4 a single Tunnel server is shown. However the present inventionmay be used with a plurality of Tunnel servers distributedgeographically in such a way that the time needed for an IP packet to besent from Alice's terminal 210 to Bob's terminal 430 is reduced, usingfor that the Tunnel Server which allows that the IP packets arrivefaster.

In FIG. 4 the Tunnel server 480 has a unique network interface 481.However other configurations are possible and the Tunnel server may havea plurality of network interfaces, each one having several IP addresses.

The present invention has the advantage that it may also be used whenthe Telecom Service Provider 425 which offers services related with theSIP protocol to the user is a telecommunications service providerdifferent from the one that provides access to the data network, forexample Internet, to the user which he wishes to intercept thecommunication.

Until now, the usual way of intercepting communication through IPpackets of a user is intercepting all the IP packet traffic which theuser sends and receives. This interception service is provided usuallyby the TSP which provides the Internet access to the user, from a fixedterminal, for example through ADSL lines or through a mobile terminal,for example a mobile phone with 3G technology for accessing Internet.

However, there are telecommunications service providers that offerservices to the users without offering Internet access. For example, thee-mail services known as “Gmail” or “Hotmail” are services which theusers may use from any Internet connection and which have a wideacceptance because they are free. For example, Bob may use the e-mailsbob@gmail.com or bob@hotmail.com from any computer connected to theInternet. It is possible that these free e-mail service providers offernew services with new communication forms to the users by means of theSIP protocol. For example Bob may use the SIP URI sip:bob@gmail.com forestablishing multimedia communications from any computer connected tothe Internet. This implies a new difficulty for intercepting thesecommunications since it is not enough to intercept the IP packets of theInternet connections to the Internet which Bob usually uses from home orfrom his mobile telephone.

The present invention allows performing a legal interception of thecommunications without the detection from the user, when atelecommunications service provider provides this kind of servicesrelated with the SIP protocol to the users in such a way that they mayestablish multimedia communications from any computer connected to theInternet. For example Bob may use his SIP URI sip:bob@gmail.com from anycybercafe, from the airport with wi-fi connection or from any otherInternet connection and, by using the present invention, hiscommunications may be intercepted.

What follows now is a description of a second embodiment. In said secondexample of the embodiment it is described a method of packing which maybe used in an embodiment of the present invention and that gives Bob anew advantage that also covers the possibility that Bob's communicationsmay be legally intercepted. This new advantage is an improved mobility.

In the previous example, terminal 430 obtains an external IP5 address ofthe Tunnel server 480 and uses it as an origin IP address of the IPpackets which contain SIP messages and RTP packets, encapsulating saidIP packets in the previously described way. However there are severalprotocols which allow terminal 430 to perform this packing function withall the IP packets it sends and not only with the IP packets whichcontain SIP messages and RTP packets. Said protocols are the protocolsknown as “Mobile IP”.

Like all the protocols published by the IETF, the “Mobile IP” protocolswere not designed taking into account the legal interception of thecommunications. However the use of Mobile IP protocols as aencapsulating protocol allows intercepting all the communications fromBob when he uses the SIP protocol in the way described in FIG. 4.

“Mobile IP” is a plurality of protocols defined by the IETF which allowthat a mobile device which sends IP packets for communicating may moveand use different routers from different data networks while it ismoving. The usual term for referring to a mobile device is “Mobile Node”or “MN”. The two main protocols of Mobile IP are the protocols known asMobile IPv4 and Mobile IPv6 which use IP addresses of the IPv4 and IPv6kind respectively.

The “IP Mobility Support for IPv4” (in the following “Mobile IPv4”) isdescribed in the specifications RFC3344 published by the IETF, C.Perkins, August 2002, available at www.ietf.org/rfc/rfc3344.txt. The “IPMobility Support for IPv6” (in the following “Mobile IPv6”) is describedin the specifications RFC3775 published by the IETF, D. Johnson et. al.,June 2004, available at www.ietf.org/rfc/rfc3775. The functionalities ofthe Mobile IPv4 and Mobile IPv6 are known to the person skilled in theart. However and for more clarity, a brief description follows.

A “Mobile Node” may have two IP addresses: a permanent address known as“Home Address” and a changing address known as “Care of Address” or“CoA” which is an address associated to the network which the MobileNode is visiting at that moment.

A device known as “Home Agent” stores the information of the Mobile Nodewhose IP address is permanently in the same network as the Home Agent.When the Mobile Node is found in its permanent network it does not needto use mobility services.

When a node in the network, usually known as “Correspondent Node” or CN,wishes to send IP packets to a Mobile Node which is found in a remotenetwork it uses the permanent address of the Mobile Node, that is theHome Address, for sending said IP packets. These IP packets areintercepted by the Home Agent which encapsulates said packets adding anew IP header and resends by means of a tunnel to the CoA address of theremote network where the Mobile Node is found.

For packing and sending the packets through the tunnel, the Home Agentand the Mobile Node may use a plurality of protocols such as the “IPEncapsulation within IP” previously described.

In the Mobile IPv4 version a device known as “Foreign Agent” or FA maybe used in the remote network which is a router which provides mobilityservices to the MN. When the Foreign Agent is used, a tunnel between theHome Agent and the Foreign Agent exists.

When a Mobile Node is found outside its permanent network and wishes tosend IP packets to a Correspondent Node, the MN can encapsulate saidpackets directed to the CN and send them first to the Home Agent bymeans of a tunnel for the Home Agent to resend them to the CN. Thismethod is known as “Reverse Tunnelling” and its use in Mobile IPv4 isdescribed in the RFC3024, G. Montenegro, January 2001, available atwww.ietf.org/rfc/rfc3024.txt. Its use in Mobile IPv6 is described insection 11.3.1 of the RFC base or RFC3775 previously described.

When the present invention uses the Mobile IP protocol, the Tunnelserver 480 of FIG. 4 includes the Home Agent functionality and providesthe IP address known as Home Address to the terminal 430 which uses theMobile IP protocol.

When terminal 430 uses the Mobile IP protocol, it establishes all itscommunications, including SIP messages and RTP packets, like if itsorigin IP address was the IP address known as Home Address obtained fromthe Home Agent.

In FIG. 4, if the protocol used is Mobile IPv4, the router 440 can perform the functions of a Foreign Agent. In this case the tunnel 485 of FIG. 4 would end in router 440, which removes the outer IP header (decapsulates the IP packets) before sending them to the terminal 430.

In Mobile IPv6 the Foreign Agent function does not exist, and the tunnel 485 goes from the Home Agent to the mobile node. In FIG. 4, tunnel 485 would end in terminal 430, which Bob uses.

A problem associated with mobility is the process by which a Mobile Node changes from one router to another. This process of changing router is known as "handover". When a Mobile Node changes from a first router to a second router it is preferable to perform this change as fast as possible, so that the Mobile Node is not left unable to send or receive IP packets for several seconds. It is also convenient to design some mechanism which avoids losing the IP packets which arrive at the first router when the Mobile Node is no longer connected to it. For example, in a voice over IP (VoIP) application, a delay in resuming the sending and receiving of packets is not acceptable.

In FIG. 4 a single router 440 is depicted, which offers the terminal 430 used by Bob access to a data network, for example the Internet. However, a plurality of routers may exist, for example routers with WIFI and/or WIMAX access, and Bob may move while he communicates with Alice in such a way that his terminal 430 connects to different WIFI and/or WIMAX routers as Bob changes his position.

For solving the problems associated with handover, the IETF has published two documents which propose different solutions. These are the documents known as FHMIPv6 and HMIPv6, cited below.

The document "Fast Handovers for Mobile IPv6" (commonly abbreviated FMIPv6; referred to here as FHMIPv6) is described in the RFC4068 specification published by the IETF, R. Koodli, July 2005, available at www.ietf.org/rfc/rfc4068.txt.

The document "Hierarchical Mobile IPv6 Mobility Management" (HMIPv6) is described in the RFC4140 specification published by the IETF, H. Soliman et al., August 2005, available at www.ietf.org/rfc/rfc4140.txt.

The SIP protocol also has mechanisms for providing mobility services, such as the server known as the "SIP registrar", with which a terminal registers its current contact address. However, these mobility mechanisms of the SIP protocol are not optimized like the Mobile IP protocols and have a longer delay in the handover process.

In the present invention, by using the Mobile IP protocol together with the SIP protocol, the delay in the handover process can be shortened. This shorter handover process makes using the Mobile IP protocol in Bob's terminal 430 beneficial.

Although the Mobile IP protocols were not designed for allowing the lawful interception of communications, their use in the present invention means that preferably all packets which terminal 430 sends and receives pass through the Home Address held by the Tunnel server 480, where they can be intercepted by the Interception device 490 by means of its network interface 491, connected to the same network as the network interface 481 of the Tunnel server which performs the functions of the Home Agent. This requires that terminal 430 reverse-tunnel its outgoing packets through the Home Agent rather than use the route optimization mode of Mobile IPv6 (RFC3775), in which the Mobile Node and the Correspondent Node exchange packets directly using the care-of address and so bypass the Home Agent.
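The interception trigger that claims 16 and 19 to 22 describe (intercept a communication once a SIP URI under warrant is seen, and follow the media by the SDP connection field of claim 2), together with the point made above that terminal 430 places its Home Address rather than its care-of address in its SIP/SDP messages, as an added worked example that is neither part of the patent nor the applicant's code. It parses SIP (RFC 3261) headers and the SDP (RFC 4566) body; the warrant set, the three messages, the Call-ID values and the function names are constructed for illustration.

```python
import re

# Added example, not the patent's code: an interception trigger that matches
# the From/To SIP URIs of each message against a warrant list and pulls the
# media endpoint (SDP c= and m=audio) so the RTP flow can be captured.
# The warrant list and all messages below are constructed for illustration.
WARRANTS = {"sip:bob@example.com"}   # SIP URIs the LEA device ordered intercepted

# Alice (CN) invites Bob; her SDP c= line carries her own address.
INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 203.0.113.5:5060;branch=z9hG4bK776asdhds\r\n"
    "From: Alice <sip:alice@example.net>;tag=1928301774\r\n"
    "To: Bob <sip:bob@example.com>\r\n"
    "Call-ID: a84b4c76e66710@example.net\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\no=alice 2890844526 2890844526 IN IP4 203.0.113.5\r\ns=-\r\n"
    "c=IN IP4 203.0.113.5\r\nt=0 0\r\nm=audio 49170 RTP/AVP 0\r\n"
)
# Bob (the Mobile Node) answers with his Home Address 192.0.2.10 in c=, not
# his care-of address, so Alice's RTP is sent to the Tunnel server / Home Agent.
OK_200 = (
    "SIP/2.0 200 OK\r\n"
    "Via: SIP/2.0/UDP 203.0.113.5:5060;branch=z9hG4bK776asdhds\r\n"
    "From: Alice <sip:alice@example.net>;tag=1928301774\r\n"
    "To: Bob <sip:bob@example.com>;tag=a6c85cf\r\n"
    "Call-ID: a84b4c76e66710@example.net\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\no=bob 2890844527 2890844527 IN IP4 192.0.2.10\r\ns=-\r\n"
    "c=IN IP4 192.0.2.10\r\nt=0 0\r\nm=audio 8000 RTP/AVP 0\r\n"
)
# A message between two users who are not under warrant: must not be intercepted.
UNRELATED = (
    "OPTIONS sip:carol@example.org SIP/2.0\r\n"
    "From: <sip:dave@example.org>;tag=1\r\nTo: <sip:carol@example.org>\r\n"
    "Call-ID: 77@example.org\r\nCSeq: 1 OPTIONS\r\n\r\n"
)


def parse_sip(raw: str):
    """Split a SIP message into (start line, lowercase header dict, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def uri_of(header_value: str) -> str:
    """Bare URI from a From/To header: drop display name, <>, and ;tag= parameters."""
    m = re.search(r"<([^>]+)>", header_value)
    uri = m.group(1) if m else header_value
    return uri.split(";")[0].strip()


def media_endpoint(sdp: str):
    """(connection address, audio port) from the SDP c= line and first m=audio line."""
    addr = port = None
    for line in sdp.split("\n"):
        if line.startswith("c=IN IP4 ") or line.startswith("c=IN IP6 "):
            addr = line.split()[2]
        elif line.startswith("m=audio ") and port is None:
            port = int(line.split()[1])
    return addr, port


def interception_decision(raw: str):
    """Return an intercept record if either party is under warrant, else None."""
    start, hdrs, body = parse_sip(raw)
    parties = {uri_of(hdrs.get("from", "")), uri_of(hdrs.get("to", ""))}
    targets = sorted(parties & WARRANTS)
    if not targets:
        return None
    media = (None, None)
    if hdrs.get("content-type", "").lower().startswith("application/sdp"):
        media = media_endpoint(body)
    return {"targets": targets, "call_id": hdrs.get("call-id"),
            "start_line": start, "media": media}


if __name__ == "__main__":
    for msg in (INVITE, OK_200, UNRELATED):
        print(interception_decision(msg))
```

Both the INVITE and the 200 OK carry the same Call-ID, so the two SDP endpoints they yield (Alice's 203.0.113.5:49170 and Bob's Home Address 192.0.2.10:8000) together identify the RTP flow to capture; because Bob's side is the Home Address, that flow transits the Home Agent where the interception device sits.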

Although certain preferred embodiments and examples have been disclosed, it will be understood by those skilled in the art that further implementations or uses beyond those specifically disclosed herein are contemplated. Thus, it is intended that the scope of the present invention herein disclosed should not be limited by the particular disclosed embodiments described above.

What is claimed is:
 1. A computer-implemented method for lawfully intercepting communication IP packets exchanged between a first terminal having a first IP address and a second terminal having a second IP address, the method comprising: first equipment in a data network of a first communications service provider transmitting a third IP address to the first terminal for use as a source IP address of the first terminal in a field of session establishment messages to be transmitted from the first terminal to establish communication between the first terminal and the second terminal, the first equipment and/or a second equipment in the data network receiving at least some of the communication IP packets; and intercepting the communication IP packets in the data network.
 2. A method according to claim 1, wherein the session establishment messages are SIP (Session Initiation Protocol) messages and the field of the session establishment message is an SDP (Session Description Protocol) connection field.
 3. A method according to claim 1, further comprising the first equipment and/or the second equipment removing the first IP address from the communication IP packets received from the first terminal before the communication IP packets are sent to the second terminal.
 4. A method according to claim 1, wherein the communication IP packets comprise media packets.
 5. A method according to claim 2, wherein the communication IP packets comprise media packets.
 6. A method according to claim 5, wherein the media packets are RTP (Real-time Transport Protocol) packets.
 7. A method according to claim 1, wherein the third IP address is associated with the first equipment.
 8. A method according to claim 7, wherein the first equipment has one or more network interfaces, the third IP address being an IP address of one of the one or more network interfaces.
 9. A method according to claim 1, wherein the first terminal is a Mobile Node and the first equipment is a Home Agent.
 10. A method according to claim 9, wherein the Home Agent communicates with the Mobile Node using Mobile IP version 4, versions or modifications of Mobile IP version 4, or equivalents thereof.
 11. A method according to claim 9, wherein the Home Agent communicates with the Mobile Node using Mobile IP version 6, versions or modifications of Mobile IP version 6, or equivalents thereof.
 12. A method according to claim 1, wherein the second terminal does not belong to the first communications service provider.
 13. A method according to claim 1, wherein the first terminal does not belong to the first communications service provider.
 14. A method according to claim 1, wherein the first terminal belongs to a second communications service provider and the second terminal belongs to a third communications service provider, the first, second and third communications service providers being different from one another.
 15. A method according to claim 1, wherein the communication IP packets are intercepted by lawful intercepting equipment in the data network which is connected to a law enforcement agency.
 16. A method according to claim 1, wherein the second terminal does not belong to the first communications service provider, the communication IP packets being intercepted by lawful intercepting equipment in the data network which is connected to a law enforcement agency (LEA) device, the intercepting equipment receiving instructions from the LEA device to intercept the communication IP packets in a communication established by using a SIP Uniform Resource Identifier (URI) of a user of the first terminal or the second terminal.
 17. A method according to claim 2, further comprising the first equipment and/or the second equipment in the data network receiving SIP messages from the second terminal, at least some of the SIP messages received in IP packets from the second terminal having the third IP address as a destination address.
 18. A method according to claim 1, wherein the communication IP packets comprise the session establishment messages and media packets.
 19. A method according to claim 18, wherein the communication IP packets are intercepted in the data network upon the first equipment and/or the second equipment and/or a third equipment in the data network detecting an identifier of a user of the first terminal.
 20. A method according to claim 19, wherein the identifier is a URI (Uniform Resource Identifier).
 21. A method according to claim 2, wherein the communication IP packets comprise SIP messages and media packets.
 22. A method according to claim 21, wherein the communication IP packets are intercepted in the data network upon the first equipment and/or the second equipment and/or a third equipment in the data network detecting an identifier of a user of the first terminal, the identifier being a SIP URI (Session Initiation Protocol Uniform Resource Identifier).